The feature-comments plugin prior to 1.2.5 for WordPress is vulnerable to cross-site request forgery (CSRF) when featuring or burying a comment.
pippinsplugins featured comments